To specify CA certificate access points in issued certificates

1. Log on to the system as a Certification Authority Administrator.
2. Open Certification Authority.
3. In the console tree, click the name of the certification authority (CA).

   Where?

   • Certification Authority (Computer)
   • CA name
4. On the Action menu, click Properties.
5. On the Extensions tab, click Select extension, and then click Authority Information Access (AIA).
6. Specify the locations from which users can obtain the certificate for this CA.

   To	Do this
   Add a URL that will be published as part of any certificate issued by a CA.	Click Add, then type a URL where users can obtain the CA's certificate.
   Remove an authority information URL from the list on issued certificates.	Click the URL and then click Remove.
   Indicate that that you do not want to use a URL as an authority information access point in certificates without removing it from the list.	Clear the Include in the AIA extension of issued certificates check box.
   Indicate that a URL can now be used as an authority information access point.	Select the Include in the AIA extension of issued certificates check box.
   Indicate that a URL can now be used for online certificate status protocol (OCSP).	Select the Include in the online certificate status protocol (OCSP) extension check box.
   Indicate that that you do not want to use a URL for online certificate status protocol (OCSP) in certificates without removing it from the list.	Clear the Include in the online certificate status protocol (OCSP) extension check box.

7. Stop and restart the Certificate Services service.

Notes

• XOX

• Authority information access URLs can be either HTTP, FTP, LDAP, or FILE addresses. You can use the following variables when specifying the address of the authority information access point:

  Variable	Value
  CAName	The name of the certification authority.
  CAObjectClass	The object class identifier for a certification authority, used when publishing to an LDAP URL
  CATruncatedName	The "sanitized" name of the certification authority, truncated to 32 characters with a hash on the end
  CDPObjectClass	The object class identifier for CRL distribution points, used when publishing to an LDAP URL
  CertificateName	The renewal extension of the certification authority
  ConfigurationContainer	The location of the Configuration container in Active Directory
  CRLNameSuffix	Inserts a name suffix at the end of the file name when publishing a CRL to a file or URL location
  DeltaCRLAllowed	When a delta CRL is published, this replaces the CRLNameSuffix with a separate suffix to distinguish the delta CRL
  ServerDNSName	The DNS name of the certification authority server
  ServerShortName	The NetBIOS name of the certification authority server

• To stop and restart the Certificate Services service, see Related Topics.

Related Topics